syzbot


KCSAN: data-race in balance_pgdat / shrink_node (5)

Status: auto-closed as invalid on 2021/10/23 23:14
Subsystems: mm
First crash: 925d, last: 921d
Similar bugs (4)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in balance_pgdat / shrink_node mm | | | | 1 | 1559d | 1559d | 0/26 | auto-closed as invalid on 2020/02/29 16:40 |
| upstream | KCSAN: data-race in balance_pgdat / shrink_node (2) mm | | | | 1 | 1484d | 1484d | 0/26 | auto-closed as invalid on 2020/05/13 22:16 |
| upstream | KCSAN: data-race in balance_pgdat / shrink_node (4) mm | | | | 1 | 1182d | 1182d | 0/26 | auto-closed as invalid on 2021/02/05 08:28 |
| upstream | KCSAN: data-race in balance_pgdat / shrink_node (3) mm | | | | 1 | 1282d | 1282d | 0/26 | auto-closed as invalid on 2020/10/27 23:10 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in balance_pgdat / shrink_node

write to 0xffff88823fffa998 of 8 bytes by task 68 on cpu 1:
 balance_pgdat+0xabc/0xd30 mm/vmscan.c:4124
 kswapd+0x1f0/0x300 mm/vmscan.c:4328
 kthread+0x262/0x280 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30

read to 0xffff88823fffa998 of 8 bytes by task 4154 on cpu 0:
 shrink_node+0x7d9/0x1190 mm/vmscan.c:3123
 shrink_zones+0x2af/0x490 mm/vmscan.c:3342
 do_try_to_free_pages+0x193/0x6c0 mm/vmscan.c:3397
 try_to_free_pages+0x3a5/0x850 mm/vmscan.c:3632
 __perform_reclaim mm/page_alloc.c:4592 [inline]
 __alloc_pages_direct_reclaim mm/page_alloc.c:4613 [inline]
 __alloc_pages_slowpath+0x560/0xbf0 mm/page_alloc.c:5017
 __alloc_pages+0x25b/0x320 mm/page_alloc.c:5388
 alloc_pages+0x382/0x3d0
 relay_alloc_buf kernel/relay.c:124 [inline]
 relay_create_buf kernel/relay.c:165 [inline]
 relay_open_buf+0x20c/0x810 kernel/relay.c:387
 relay_open+0x25b/0x560 kernel/relay.c:520
 do_blk_trace_setup+0x2fa/0x510 kernel/trace/blktrace.c:549
 __blk_trace_setup kernel/trace/blktrace.c:589 [inline]
 blk_trace_setup+0x9b/0x120 kernel/trace/blktrace.c:607
 sg_ioctl_common drivers/scsi/sg.c:1122 [inline]
 sg_ioctl+0xa6b/0x18e0 drivers/scsi/sg.c:1164
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xcb/0x140 fs/ioctl.c:860
 __x64_sys_ioctl+0x3f/0x50 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x0000000000001968 -> 0x0000000000000368

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 4154 Comm: syz-executor.4 Not tainted 5.15.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
syz-executor.4: page allocation failure: order:0, mode:0xcc0(GFP_KERNEL), nodemask=(null)
,cpuset=
/
,mems_allowed=0

CPU: 1 PID: 4154 Comm: syz-executor.4 Not tainted 5.15.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd6/0x122 lib/dump_stack.c:106
 dump_stack+0x11/0x1b lib/dump_stack.c:113
 warn_alloc+0x132/0x190 mm/page_alloc.c:4224
 __alloc_pages_slowpath+0xbd7/0xbf0 mm/page_alloc.c:5123
 __alloc_pages+0x25b/0x320 mm/page_alloc.c:5388
 alloc_pages+0x382/0x3d0
 relay_alloc_buf kernel/relay.c:124 [inline]
 relay_create_buf kernel/relay.c:165 [inline]
 relay_open_buf+0x20c/0x810 kernel/relay.c:387
 relay_open+0x25b/0x560 kernel/relay.c:520
 do_blk_trace_setup+0x2fa/0x510 kernel/trace/blktrace.c:549
 __blk_trace_setup kernel/trace/blktrace.c:589 [inline]
 blk_trace_setup+0x9b/0x120 kernel/trace/blktrace.c:607
 sg_ioctl_common drivers/scsi/sg.c:1122 [inline]
 sg_ioctl+0xa6b/0x18e0 drivers/scsi/sg.c:1164
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xcb/0x140 fs/ioctl.c:860
 __x64_sys_ioctl+0x3f/0x50 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efea2664739
Code: Unable to access opcode bytes at RIP 0x7efea266470f.
RSP: 002b:00007efea03dc188 EFLAGS: 00000246
 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007efea2768f80 RCX: 00007efea2664739
RDX: 0000000020000100 RSI: 00000000c0481273 RDI: 0000000000000004
RBP: 00007efea26becc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007efea2768f80
R13: 00007ffc8dbd6f5f R14: 00007efea03dc300 R15: 0000000000022000
Mem-Info:
active_anon:6561 inactive_anon:96225 isolated_anon:0
 active_file:12 inactive_file:9 isolated_file:0
 unevictable:0 dirty:0 writeback:0
 slab_reclaimable:3662 slab_unreclaimable:7950
 mapped:54768 shmem:5585 pagetables:3429 bounce:0
 kernel_misc_reclaimable:0
 free:10771 free_pcp:0 free_cma:0
Node 0 active_anon:26244kB inactive_anon:384900kB active_file:48kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:219072kB dirty:0kB writeback:0kB shmem:22340kB writeback_tmp:0kB kernel_stack:2992kB pagetables:13716kB all_unreclaimable? yes
Node 0 DMA free:15360kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2942 7920 7920
Node 0 DMA32 free:21904kB min:4224kB low:7236kB high:10248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:3017196kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]:
 0 0 4978 4978
Node 0 
Normal free:5820kB min:7152kB low:12248kB high:17344kB reserved_highatomic:0KB active_anon:26244kB inactive_anon:384900kB active_file:72kB inactive_file:0kB unevictable:0kB writepending:0kB present:5242880kB managed:5098288kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]:
 0 0 0
 0
Node 0 DMA: 
0*4kB 
0*8kB 
0*16kB 
0*32kB 
0*64kB 
0*128kB 
0*256kB 
0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
Node 0 DMA32: 4*4kB (UM) 3*8kB 
(UM) 4*16kB 
(UM) 5*32kB 
(M) 
4*64kB 
(M) 5*128kB (UM) 
4*256kB 
(M) 5*512kB (M) 5*1024kB (UM) 2*2048kB (UM) 
2*4096kB 
(M) 
= 22152kB
Node 0 
Normal: 903*4kB 
(UME) 259*8kB 
(UME) 46*16kB 
(UME) 
13*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB 
= 6836kB
Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
5591 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
2097051 pages RAM
0 pages HighMem/MovableOnly
64340 pages reserved

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2021/09/18 23:09 | upstream | 93ff9f13be91 | 70b76c1d | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | KCSAN: data-race in balance_pgdat / shrink_node |
| 2021/09/14 22:13 | upstream | 1619b69edce1 | 07e953c1 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | KCSAN: data-race in balance_pgdat / shrink_node |